Security Advisory – eWeLink 2.4G remote control light bulbs Remote Code Execution Vulnerability
Title | Security Advisory – eWeLink 2.4G remote control light bulbs Remote Code Execution Vulnerability |
---|---|
Release Date | 2023/11/07 |
Abstract | The connection modules of some Bluetooth 2.4G remote-control devices contain a vulnerability that allows authentication to be bypassed. Successful exploitation of this vulnerability may allow attackers to access restricted functionality. |
Affected Product | BLREAD-L |
Affected Version | BLREAD-L 1.2.1 |
Impact | Attackers can exploit this vulnerability to access certain restricted functionalities. |
Technical Details | Exploitation Preconditions: The attacker is in proximity to the device and successfully pairs with the target device using the eWeLink App. Technical Details: Some "Bluetooth 2.4G remote-control lights" contain an authentication bypass vulnerability. A connection to the device can be established without user authorization. Successful exploitation of this vulnerability may allow access to certain functionality. |
Resolution | Update the device's firmware to 1.2.2 or later via the eWeLink App. |